
AI Web Threat Insights in ThreatQuotient with alphaMountain CDF

  • December 4, 2025

Problem

Analysts investigating Domain- and URL-based threats need up-to-date intelligence for effective triage. Without automated enrichment, threat data can become outdated, requiring manual lookups that slow response and increase the risk of oversight.


Objective

This article details how the alphaMountain CDF integration works — what it provides, how to install and configure it, and how it behaves — so that administrators and analysts can quickly enable and benefit from automated Domain/URL enrichment.


Overview

The alphaMountain CDF enables automatic ingestion of Domain and URL intelligence (categorizations and threat scores) into your platform. Using AI and machine learning, alphaMountain provides fast, contextual insight about Domains and URLs, delivering timely threat-relevant information to support investigations and threat hunting. (Source: helpcenter.threatq.com)

The integration offers two distinct feeds: “Threat Categorizations” and “Threat Scores,” delivering updated categorization data or risk scores only when changes occur. (Source: helpcenter.threatq.com)


Key Capabilities

Available Feeds

  • alphaMountain Threat Categorizations: pulls URLs whose categorization data has recently changed. (Source: helpcenter.threatq.com)

  • alphaMountain Threat Scores: pulls URLs whose threat scores have recently changed. (Source: helpcenter.threatq.com)

This ensures that only relevant, changed data flows into the system, reducing noise while keeping intelligence current.

Indicator Types Ingested


Prerequisites

Before enabling the integration, ensure the following:


Limitations / Known Considerations

  • The maximum number of URLs processed per feed run is capped by the customer’s alphaMountain.ai license. (Source: helpcenter.threatq.com)

  • Because the feed returns only recently changed URLs (categorizations or scores), any unchanged URLs will not be re-ingested. This is by design to minimize noise.

  • Hostname ingestion (when enabled) may set the hostname IOC to “Review” by default, because a benign hostname may host multiple URLs, some malicious and some benign. Administrators should carefully consider this when configuring ingest settings. (Source: helpcenter.threatq.com)


Benefits (Why Use This Integration)

  • Adds contextual, AI-powered enrichment automatically — no manual lookups needed.

  • Keeps Threat Library current by ingesting only updated Domains/URLs, reducing stale data.

  • Enables scalable URL/FQDN risk tracking — ideal for large environments or frequent web-based threat encounters.


References


Call to Action

If you haven’t yet, enable the alphaMountain CDF to start ingesting enriched Domain/URL intelligence — then comment below to share how it’s working, or report any issues for feedback.